Title: [259484] branches/safari-609.2.1.2-branch/Source/WebKit
- Revision
- 259484
- Author
- [email protected]
- Date
- 2020-04-03 12:57:23 -0700 (Fri, 03 Apr 2020)
Log Message
Cherry-pick r254724. rdar://problem/61231960
IPC hardening for WebPageProxy::SetPromisedDataForImage message
https://bugs.webkit.org/show_bug.cgi?id=206380
<rdar://problem/58625196>
Reviewed by Geoffrey Garen.
IPC hardening for WebPageProxy::SetPromisedDataForImage message. Make sure the shared memory handle sent over IPC is not null
and null check the SharedMemory object after calling SharedMemory::map().
* UIProcess/mac/WebPageProxyMac.mm:
(WebKit::WebPageProxy::setPromisedDataForImage):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254724 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Modified Paths
Diff
Modified: branches/safari-609.2.1.2-branch/Source/WebKit/ChangeLog (259483 => 259484)
--- branches/safari-609.2.1.2-branch/Source/WebKit/ChangeLog 2020-04-03 19:50:42 UTC (rev 259483)
+++ branches/safari-609.2.1.2-branch/Source/WebKit/ChangeLog 2020-04-03 19:57:23 UTC (rev 259484)
@@ -1,3 +1,35 @@
+2020-04-03 Alan Coon <[email protected]>
+
+ Cherry-pick r254724. rdar://problem/61231960
+
+ IPC hardening for WebPageProxy::SetPromisedDataForImage message
+ https://bugs.webkit.org/show_bug.cgi?id=206380
+ <rdar://problem/58625196>
+
+ Reviewed by Geoffrey Garen.
+
+ IPC hardening for WebPageProxy::SetPromisedDataForImage message. Make sure the shared memory handle sent over IPC is not null
+ and null check the SharedMemory object after calling SharedMemory::map().
+
+ * UIProcess/mac/WebPageProxyMac.mm:
+ (WebKit::WebPageProxy::setPromisedDataForImage):
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254724 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2020-01-16 Chris Dumez <[email protected]>
+
+ IPC hardening for WebPageProxy::SetPromisedDataForImage message
+ https://bugs.webkit.org/show_bug.cgi?id=206380
+ <rdar://problem/58625196>
+
+ Reviewed by Geoffrey Garen.
+
+ IPC hardening for WebPageProxy::SetPromisedDataForImage message. Make sure the shared memory handle sent over IPC is not null
+ and null check the SharedMemory object after calling SharedMemory::map().
+
+ * UIProcess/mac/WebPageProxyMac.mm:
+ (WebKit::WebPageProxy::setPromisedDataForImage):
+
2020-02-26 Alan Coon <[email protected]>
Cherry-pick r257013. rdar://problem/59789392
Modified: branches/safari-609.2.1.2-branch/Source/WebKit/UIProcess/mac/WebPageProxyMac.mm (259483 => 259484)
--- branches/safari-609.2.1.2-branch/Source/WebKit/UIProcess/mac/WebPageProxyMac.mm 2020-04-03 19:50:42 UTC (rev 259483)
+++ branches/safari-609.2.1.2-branch/Source/WebKit/UIProcess/mac/WebPageProxyMac.mm 2020-04-03 19:57:23 UTC (rev 259484)
@@ -314,7 +314,12 @@
{
MESSAGE_CHECK_URL(url);
MESSAGE_CHECK_URL(visibleURL);
+ MESSAGE_CHECK(!imageHandle.isNull());
+
RefPtr<SharedMemory> sharedMemoryImage = SharedMemory::map(imageHandle, SharedMemory::Protection::ReadOnly);
+ if (!sharedMemoryImage)
+ return;
+
auto imageBuffer = SharedBuffer::create(static_cast<unsigned char*>(sharedMemoryImage->data()), imageSize);
RefPtr<SharedBuffer> archiveBuffer;
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
